Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords.

Dictionary attacks: These rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “1234567,” “12345678,” “123456789,” “princess,” “qwerty,” and “abc123.” Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research.

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

There are a number of ways to create more secure passwords. One option is to create passwords based on a formula, using a familiar name or word, plus a familiar number, plus the first four words of the website where that password will be used. Mix in a combination of upper and lowercase letters, and you have a secure password. Using this formula, your Bank of America password could be “Dog7Bank,” for example. (Add one capital letter and an asterisk to your password, and it can add a couple of centuries to the time it would take for a password cracking program to come up with it.)

Password managers can also help generate and store secure passwords. Some people like Lastpass. Another incredibly efficient and secure service is Roboform, which has a “Generate” tab in its browser toolbar that creates passwords that can’t be guessed, like “ChF95udk.” All your passwords are backed up on a secure encrypted server and can sync on multiple PCs.

It is just as important to make sure your PC is free of malicious programs like spyware and keylogging software. Beware of RATs, or Remote Access Trojans, which can capture every keystroke typed, take a snapshot of your screen, and even take rolling video of your screen with a webcam. But what’s most damaging is the possibility of a RAT gaining full access to your files, including any passwords being stored by a password manager.

Use antivirus and anti-spyware software and firewalls, and set up your PC to require administrative rights in order to install any new software.
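As an added example (not part of the original article), this Python script audits a set of stored passwords for the weaknesses listed above (common passwords, names of relatives or pets, reuse across sites) and generates a random replacement with the standard `secrets` module. The site names, the passwords in the sample vault and the pet name "rex" are constructed sample values.

```python
import secrets
import string
from collections import defaultdict

# Common passwords quoted in the article above.
COMMON = {"123456", "12345", "111111", "1234567", "12345678",
          "123456789", "princess", "qwerty", "abc123"}

def generate_password(length=16):
    """Random password from the OS CSPRNG with a lower, an upper and a digit."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def audit(vault, personal_words=()):
    """Map each site to its findings: common password, personal word, reuse."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
        if pw.lower() in COMMON:
            findings[site].append("common password")
        for word in personal_words:
            if word.lower() in pw.lower():
                findings[site].append(f"contains personal word '{word}'")
    for sites in sites_by_password.values():
        for site in sites if len(sites) > 1 else ():
            others = ", ".join(s for s in sites if s != site)
            findings[site].append(f"reused on {others}")
    return dict(findings)

# Constructed sample data: site names, passwords and the pet name are made up
# ("ChF95udk" is the generated-password example quoted in the article).
SAMPLE_VAULT = {"email": "qwerty", "bank": "Rex2009",
                "social": "Rex2009", "forum": "ChF95udk"}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT, personal_words=["rex"]).items():
        print(f"{site}: {'; '.join(problems)}; suggested: {generate_password()}")
```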

2 users commented in " Check Your Password Security "

hmmm…with a title like this, I was expecting a link to use which would tell me how easy my password is to crack. How disappointing….

HCK said,

in March 29th, 2011 at 9:12 pm

I am very surprised to see an article this recent that still recommends Roboform software.

Roboform, as you must be aware, recently decided to ignore its previous sales contracts and charge loyal customers a second time for their software via a “version 7 upgrade” despite repeated promises over several years that “free upgrades” were the top reason to purchase the pro version of their package.

This has, of course, created enormous frustration and anger toward Siber Systems, a company that seems to have placed most of its eggs in the Roboform basket. The company’s future must surely be in doubt after it alienated millions of its customers.

My advice? Get another form-filling software package from a more reputable company.
